Package Instance

Mozilla developer Ehsan Akhgari reported a mechanism through which a
web worker could be used
to bypass secure requirements for WebSockets when workers are used to create WebSockets.
This allows for the bypassing of mixed content WebSocket policy.
In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a risk in
browser or browser-like contexts.

Security researcher Ronald Crane reported three vulnerabilities
affecting released code that were found through code inspection. These included a
buffer overflow in the ANGLE graphics library and two issues of missing status checks in
SVG rendering and during cryptographic key manipulation. These do not all have clear
mechanisms to be exploited through web content but are vulnerable if a mechanism can be
found to trigger them.
In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a risk in
browser or browser-like contexts.

Security researcher Gustavo Grieco reported a buffer underflow in
libjar triggered through a maliciously crafted ZIP format file. This results
in a potentially exploitable crash.
In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a risk in
browser or browser-like contexts.

Security researcher Ronald Crane reported three vulnerabilities
affecting released code that were found through code inspection. These included a
buffer overflow in the ANGLE graphics library and two issues of missing status checks in
SVG rendering and during cryptographic key manipulation. These do not all have clear
mechanisms to be exploited through web content but are vulnerable if a mechanism can be
found to trigger them.
In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a risk in
browser or browser-like contexts.

Mozilla community member Vytautas Staraitis reported an issue with the
interaction of Java applets and JavaScript. The Java plugin can deallocate a JavaScript
wrapper when it is still in use, which leads to a JavaScript garbage collection crash.
This crash is potentially exploitable.
This issue only affects systems where Java is installed and enabled as a
browser plugin. Other systems are unaffected.

Security researcher Shinto K Anto reported an issue with cross-origin
resource sharing (CORS) "preflight" requests when receiving certain
Content-Type headers. This is due to an error in implementation resulting in
trying to process multiple media types when they are returned in the
Content-Type headers from a server. This is disallowed in the CORS specification and results in a simple instead of a
"preflight" request, leading to potential same-origin policy violation.
In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a risk in
browser or browser-like contexts.

Security researcher Michał Bentkowski reported that adding white-space
characters to hostnames that are IP addresses can bypass same-origin policy. This flaw was
caused by trailing whitespaces being evaluated differently when parsing IP addresses
instead of alphanumeric hostnames. This could lead to a cross-site script (XSS) attack.
In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a risk in
browser or browser-like contexts.

Security researcher Looben Yang reported a buffer overflow in the
JPEGEncoder function during script interactions with a canvas
element. This is caused by a race condition and incorrectly matched sizes following image
interactions. This leads to a potentially exploitable crash.
In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a risk in
browser or browser-like contexts.

Security researcher Ronald Crane reported three vulnerabilities
affecting released code that were found through code inspection. These included a
buffer overflow in the ANGLE graphics library and two issues of missing status checks in
SVG rendering and during cryptographic key manipulation. These do not all have clear
mechanisms to be exploited through web content but are vulnerable if a mechanism can be
found to trigger them.
In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a risk in
browser or browser-like contexts.

Mozilla developers and community identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based products.
Some of these bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at least some of these
could be exploited to run arbitrary code.